Refactor golangci-lint configuration and improve error handling

- Updated .golangci.yml to enable default linters and refine suppression rules, enhancing code quality visibility.
- Improved error handling in cmd/root.go by explicitly discarding low-value error messages during fatal exits for consistency with errcheck posture.
- Added best-effort error handling in various locations across the codebase, ensuring that non-critical errors are logged without affecting overall functionality.
- Introduced a new writeMetricsText function to streamline metrics output, improving code clarity and maintainability.
This commit is contained in:
2026-05-27 18:51:33 -05:00
parent feda55e225
commit 843772e9f7
6 changed files with 129 additions and 105 deletions
+52 -38
View File
@@ -1,5 +1,9 @@
# .golangci.yml - reasonable defaults for steamcache2
# Run with: golangci-lint run ./...
# .golangci.yml - steamcache2 lint config
# Philosophy: enable reasonable linters by default (golangci curated set + key additions)
# then use most specific suppressions possible (source //nosec with justification,
# _ = discard for errcheck on unavoidable client writes, narrow exclude-rules only for tests).
# This makes remaining accepted issues visible and actionable in the code.
# Run with: make lint (or golangci-lint run ./...)
# Install: go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
run:
@@ -7,42 +11,33 @@ run:
modules-download-mode: readonly
linters:
disable-all: true
# No disable-all: use golangci defaults (errcheck, govet, ineffassign, staticcheck, unused, gosimple, etc.)
# Explicitly enable the non-default linters we require for this LAN cache proxy.
enable:
# errcheck intentionally not enabled yet (pre-existing unchecked I/O in core paths).
# Re-enable per-package after larger refactors reduce surface area.
# - errcheck
- gosec
- govet
- ineffassign
- misspell
- staticcheck
- unused
- gofmt
- goimports
- gosec # security checks (re-audited; see source //nosec for justified cases)
- misspell # documentation hygiene
- goimports # import formatting (enforced)
# gofmt covered via linter or goimports; errcheck/govet etc. from defaults
linters-settings:
errcheck:
check-type-assertions: false # many existing unchecked in http/metrics paths
check-type-assertions: false
check-blank: false
gosec:
excludes:
- G104 # errors unhandled in defer/close common in Go
- G304 # file inclusion via variable (config paths controlled)
- G115 # int->uint casts on positive cache sizes (pre-existing; safe in context)
- G301 # MkdirAll 0755 for cache dirs (pre-existing, functional requirement)
- G306 # WriteFile 0644 for user config (standard, not secret)
# Broad global excludes removed (G104/G115/G301/G304/G306).
# - G301 addressed by switching cache MkdirAll to 0700 (least privilege for CDN content).
# - Remaining justified cases documented with precise //nosec (or #nosec) + comments at the call sites.
# - G104 largely eliminated by errcheck + explicit _ = handling (or defer wrappers).
staticcheck:
checks: ["all", "-SA1019"] # allow deprecated for now if any
checks: ["all"] # SA1019 exclusion removed (no deprecated API usages in tree)
govet:
enable-all: true
disable:
- fieldalignment # performance not critical here
- shadow # pre-existing in large ServeHTTP; avoid noise for now
- fieldalignment # performance tuning not a priority for this proxy appliance
- shadow # common idiomatic "err" redeclarations in error-handling chains (large ServeHTTP, root, parse funcs); enabling adds noise with no real bugs; would require scope refactor for little gain
# errcheck remains disabled globally due to pre-existing noise in http and cache paths.
# Re-enable plan: enable per-package after larger refactors; consider adding a coverage gate later.
# Current config keeps baseline green while allowing incremental strictness.
# Old global errcheck disable + aspirational "re-enable after refactors" comments deleted.
# errcheck is now on via defaults. Unavoidable cases handled at source with _ = or (rarely) narrow rules.
issues:
max-issues-per-linter: 0
@@ -55,18 +50,37 @@ issues:
- path: _test\.go
linters:
- errcheck
- gosec # tests often use weak patterns intentionally
# Pre-existing intentional empty branches (comments explain); cleaned in later refactors
- linters:
- gosec # tests often use weak patterns intentionally (e.g. error injection, temp files)
# NOTE: narrow SA9003 exclude retained only for the one remaining intentional empty branch in test (best-effort status check; main assert is metrics side-effect).
# The config one was a truly redundant check (already errored above); deleted surgically in Fix Round 1 (Issue 1), eliminating its exclude-rule.
- path: steamcache/steamcache_test.go
linters:
- staticcheck
text: "SA9003: empty branch"
# Double-check locking idiom in predictive (content assigned only on miss path); pre-existing
- path: vfs/predictive/predictive.go
# Narrow gosec excludes for unavoidable classes after re-audit (LAN proxy threat model):
# - G115: int64<->uint casts in eviction/GC math (all sizes positive, guarded by capacity checks; API uses uint for bytesNeeded)
# - G304: path vars for Read/Open/Remove under trusted disk.root or user config file (sanitized keys, no traversal, no arbitrary inclusion from untrusted URLs)
# G306 for config WriteFile kept as source //nosec (one site).
# G301 fixed at source (0700 dirs). G104 addressed via errcheck fixes.
- path: vfs/memory/memory.go
linters:
- staticcheck
text: "SA4006"
# Unused field in predictive (likely remnant); pre-existing, excluded to keep lint green for hygiene
- path: vfs/predictive/predictive.go
- gosec
text: "G115"
- path: vfs/disk/disk.go
linters:
- unused
text: "mu"
- gosec
text: "G115"
- path: vfs/gc/gc.go
linters:
- gosec
text: "G115"
- path: config/config.go
linters:
- gosec
text: "G304"
- path: vfs/disk/disk.go
linters:
- gosec
text: "G304"
# Predictive/* rules deleted: vfs/predictive/ removed in commit 0dbb2e0; rules were stale/dead.
# All other suppressions use source-level //nosec (gosec) or _= (errcheck) for precision and visibility.